[Git][security-tracker-team/security-tracker][master] apache2 fixed in sid

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Mar 14 18:25:51 GMT 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
223664b6 by Moritz Muehlenhoff at 2022-03-14T19:25:05+01:00
apache2 fixed in sid
update two more netpbm-free issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -8990,7 +8990,7 @@ CVE-2022-23944 (User can access /plugin api without authentication. This issue a
 	NOT-FOR-US: Apache ShenYu Admin
 CVE-2022-23943 [mod_sed: Read/write beyond bounds]
 	RESERVED
-	- apache2 <unfixed>
+	- apache2 2.4.53-1
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-23943
 CVE-2022-23942
 	RESERVED
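Review bot: The CVE-2022-23943 entry still carries only the upstream advisory page in its NOTE line, with no reference to the upstream fix commit, which is what anyone backporting the mod_sed fix to a stable suite will look for. Consider adding a NOTE with the fix commit URL in the same change that sets `- apache2 2.4.53-1`.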
@@ -13600,15 +13600,15 @@ CVE-2022-22722 (A CWE-798: Use of Hard-coded Credentials vulnerability exists th
 	NOT-FOR-US: Schneider Electric
 CVE-2022-22721 [Possible buffer overflow with very large or unlimited LimitXMLRequestBody]
 	RESERVED
-	- apache2 <unfixed>
+	- apache2 2.4.53-1
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-22721
 CVE-2022-22720 [HTTP request smuggling vulnerability]
 	RESERVED
-	- apache2 <unfixed>
+	- apache2 2.4.53-1
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-22720
 CVE-2022-22719 [mod_lua Use of uninitialized value of in r:parsebody]
 	RESERVED
-	- apache2 <unfixed>
+	- apache2 2.4.53-1
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-22719
 CVE-2022-22718 (Windows Print Spooler Elevation of Privilege Vulnerability. This CVE I ...)
 	NOT-FOR-US: Microsoft
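Review bot: The three apache2 lines changed here (CVE-2022-22721, CVE-2022-22720, CVE-2022-22719) record only the fixed version 2.4.53-1 and none of the entries has a suite-specific line, so the stable suites remain listed as vulnerable for all three. If that is the intended state pending stable updates, nothing more is needed; if any of them has already been triaged differently for a stable suite, add the matching [suite] line in this commit so the three entries do not have to be revisited.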
@@ -324340,14 +324340,20 @@ CVE-2017-2581 (An out-of-bounds write vulnerability was found in netpbm before 1
 	NOTE: Similar code path seems protected by earlier stricter size checks ("object too large")
 	NOTE: Possible fix: https://sourceforge.net/p/netpbm/code/2989/ (10.78.05)
 CVE-2017-2580 (An out-of-bounds write vulnerability was found in netpbm before 10.61. ...)
-	- netpbm-free <undetermined> (bug #854978)
+	- netpbm-free 2:10.97.00-1 (bug #854978)
+	[bullseye] - netpbm-free <not-affected> (Legacy fork not affected)
+	[buster] - netpbm-free <not-affected> (Legacy fork not affected)
+	[stretch] - netpbm-free <not-affected> (Legacy fork not affected)
 	[jessie] - netpbm-free <not-affected> (pnm/giftopnm.c and bpm/libpm.c rewritten, PoC triggers clean check "Zero byte allocation" missing in later versions)
 	NOTE: Debian uses an old fork of netpbm
 	NOTE: https://www.openwall.com/lists/oss-security/2017/02/05/7
 	NOTE: PoC+report attached to #854978
 	NOTE: Possible fix: https://sourceforge.net/p/netpbm/code/2821 (10.47.63)
 CVE-2017-2579 (An out-of-bounds read vulnerability was found in netpbm before 10.61.  ...)
-	- netpbm-free <undetermined> (bug #854978)
+	- netpbm-free 2:10.97.00-1 (bug #854978)
+	[bullseye] - netpbm-free <not-affected> (Legacy fork not affected)
+	[buster] - netpbm-free <not-affected> (Legacy fork not affected)
+	[stretch] - netpbm-free <not-affected> (Legacy fork not affected)
 	[jessie] - netpbm-free <not-affected> (pnm/giftopnm.c rewritten, PoC triggers clean application error handling)
 	NOTE: Debian uses an old fork of netpbm
 	NOTE: https://www.openwall.com/lists/oss-security/2017/02/05/7
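Review bot: In both CVE-2017-2580 and CVE-2017-2579 the unchanged line `NOTE: Debian uses an old fork of netpbm` now sits under `- netpbm-free 2:10.97.00-1`, while the new [bullseye], [buster] and [stretch] lines attribute their not-affected status to the legacy fork, so the note no longer says which suites it applies to. Reword it to name the suites that still ship the fork. The reason "Legacy fork not affected" is also less specific than the [jessie] line, which names the rewritten files and the PoC behaviour; a short pointer to that analysis would make the three new lines verifiable.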



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/223664b6f56aff225b8041676aab89b7710ab381
